How to delete this worm !?

vbimport

#1

hi

OK, I just reformatted my PC and I installed the eMule P2P program and everything is cool. I got McAfee firewall and antivirus …

I was dumb to download incomplete files from eMule and that was the worm …

It’s called W32/Tibick!p2p …

I scanned all of my PC with McAfee and it found like 400 worms and it deleted all of them.

Everything is cool now, but whenever I leave my PC and go out for like 4 hours or so I come back and see 3~7 warnings for the same worm!!!

WTF? Is it still there? But I deleted everything, how come it’s coming again?

Please, if anyone has an idea about this I’d appreciate the help. :bow:


#2

Yeah, one other thing: McAfee said the virus is located in C:\System Volume Information\_restore{B2096D04-B9FC-467B and shit like that …

I don’t know, but this file is not available in my C:\ and System Restore is disabled on my PC …

I am so confused …

I don’t want to install Norton AntiVirus because I hate it…


#3

Use some other software, like The Cleaner (www.moosoft.com).


#4

First, try Stinger from McAfee (should be on their website). You might also want to try some Symantec Removal Tools or even Microsoft® Windows® Malicious Software Removal Tool. :slight_smile:


#5
  1. Keep your AV up to date
  2. Look on Symantec’s site. Sometimes they have free tools to get rid of specific worms/viruses. In your case, it’d be the ‘W32/Tibick!p2p’ worm.
  3. Go into safe mode (look in Windows Help on how to do that) and scan your computer from there, with both McAfee and the Symantec removal tool, if possible.
  4. Look in your eMule queue. Does anything seem suspicious, or is there something that seems a bit stupid (say, Warcraft III file that is 49kb)? If so, get rid of it. Stop basically all downloads, except the ones that you KNOW aren’t the worm. Most things that pose as other programs, but are actually worms, are things like programs, games, hacks, keygens, cracks, loaders, porn, etc.

But I highly recommend the last two points.


#6

Thank you guys …

Well, I deleted eMule last night and I still get warnings when I am not at my PC (that’s strange!!)

Anyway, I will try to do what you guys advise …

Thanks …


#7

You’ll have to check msconfig, see what’s starting when you start your computer, then you’ll need to check the Run key in the HKLM registry, make sure nothing is in there that doesn’t belong, and then you’ll have to delete the sysvol and let a new one be re-written.


#8

Dude, it’s quite simple: “turn off system restore”. That will delete everything in System Volume Information (which is your restore directory).


#9

It doesn’t delete everything in there, it just stops keeping the information from the point you turn it off. You have to add a user/permission in order to delete the contents of the file even if you are the admin…


#10

Um, NO, it deletes the whole contents of the folder and gives you your space back.


#11

#12

@mender
Well, smart ass, it’s obviously not, because System Volume Information is used only for system restore. If it’s got something in it, it’s not off.


#13

I don’t think insults are called for, thank you very much!

You suggested he turn off system restore, I just pointed out he said he has already disabled it.

Or am I missing something?


#14

You could have at least said something instead of just quoting, VERY annoying! But the fact remains: SVI is for system restore; if something is in there, it’s not off. When you disable system restore you are in effect telling Windows you want that space back, so it deletes everything in there.


#15

> you could have at least said something instead of just quoting VERY annoying!

Actually, I didn’t think a comment was required.

I still don’t think an insult was the way to go though. Not really the way to make friends or stay on good terms with people :rolleyes:


#16

If you have nothing to say about this thread, STOP replying please.


#17

Some interesting links for cobra88, all about the system information folder, how to access the contents and remove trojans from it:

http://support.microsoft.com/kb/309531
http://www.theeldergeek.com/system_volume_information_folder1.htm
http://www.faqfarm.com/Computer/Virus/19014


#18

@slayerking is almost right - disable system restore (in the System properties), then run another scan & delete.

@slayerking, disabling system restore doesn’t delete all the system restores (you can do that from the system cleanup tool), but it does allow the user to delete stuff from the system without the system re-instating the deletions.

@cobra88, make sure to re-enable system restore once you’re done.


#19

1: Slayerking is not almost right, he is spot on!
2: Disabling system restore DOES EMPTY the System Volume Information folder. I’ve done it!! When I had a trojan in there. Read the links above your post. Are you saying that even M$ has it wrong?


#20

Slayerking is/was correct.

Open My Computer, right-click in the white space, and go to Properties. Turn off restore from the tabs.

//I enabled it for about 2 seconds, and it popped a System Volume Info folder into my C:/ drive.